Taiwan's BitoPro hit by NT$345 million cryptocurrency hack
台灣加密貨幣交易所BitoPro遭駭客攻擊,損失金額達3.45億新台幣
Country's second-largest crypto platform faces cyberattack as hackers exploit multiple blockchains and mixers
TAIPEI (Taiwan News) — Taiwan’s second-largest crypto platform BitoPro suffered a cyberattack on May 8, losing an estimated NT$345 million (US$11.5 million), blockchain analyst ZachXBT revealed Monday.
The Financial Supervisory Commission’s Securities and Futures Bureau confirmed the security breach and announced that BitoPro will be required to issue an official public statement regarding the incident, CTEE reported. Operator Bito Group assured users that their assets and rights remain protected and unaffected.
ZachXBT’s on-chain analysis revealed that the hackers exploited several public blockchains, including Tron, Ethereum, Solana, and Polygon. Following the theft, the stolen funds were moved through centralized exchanges or third-party platforms for trading digital currencies for liquidation.
The hackers also employed mixers such as Tornado Cash to obscure the origin and destination of the assets, and used cross-chain transfers via Thorchain to move the funds into the Bitcoin network. From there, the money was funneled into privacy wallets like Wasabi.
Blockchain technology is a decentralized and secure type of database that stores data in interconnected blocks, creating an immutable and transparent ledger shared across a network. This design ensures that no single party can alter transaction records without consensus, making it ideal for tracking digital assets, according to Binance Academy and Amazon Web Services.
Mixers are tools used in the cryptocurrency ecosystem to enhance transaction privacy by breaking the link between sender and receiver on public blockchains like Bitcoin and Ethereum. While mixers protect user privacy and are favored by some advocates, they are also frequently used for money laundering, attracting regulatory scrutiny worldwide, according to Block Tempo.
The platform reported that the breach occurred during an upgrade of its wallet system and asset transfer process, targeting an outdated hot wallet. Hot wallets, which are connected to the internet, facilitate quick access but are more vulnerable to hacking compared to cold wallets, which are offline and more secure.
Upon detecting the intrusion, it immediately transferred the platform’s assets to a new wallet and blocked further unauthorized access. The platform has engaged a third-party cybersecurity firm to investigate the attack and monitor related activities.
All user functions, including deposits, withdrawals, and trading, have continued uninterrupted, BitoPro said.
The platform also announced plans to publicly disclose the address of the new hot wallet for user verification. It emphasized that the majority of its assets are stored in cold wallets, which remained unaffected by the cyberattack.
Both hot and cold wallets store cryptocurrency and token private keys. Cold wallets, typically hardware devices resembling USB sticks, offer enhanced security as they are offline and therefore less susceptible to cyberattacks, according to Investopedia.
The bureau said Bito Group must absorb the financial loss resulting from the attack and is prohibited from passing it on to users. It also reminded industry participants of the importance of promptly disclosing significant incidents and pledged to oversee improvements in security measures across the sector.
